PERFORCE change 111062 for review
Todd Miller
millert at FreeBSD.org
Mon Dec 4 10:50:54 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=111062
Change 111062 by millert at millert_g5tower on 2006/12/04 18:46:12
In getfilesids1() use sidtab_search_context() instead of
sidtab_context_to_sid() to validate sids. The latter will
insert a non-existent sid into the table which is not what
we want. Fixes the security.mac.sebsd.file.sids sysctl.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/ss/services.c#4 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/ss/services.c#4 (text+ko) ====
@@ -1680,7 +1680,7 @@
if (constraint == NULL &&
mls_context_isvalid(&policydb, &fc) &&
- sidtab_context_to_sid(&sidtab, &fc, &sid) == 0) {
+ (sid = sidtab_search_context(&sidtab, &fc)) != 0) {
/* passed all checks, add to list */
if (p->numsids == p->maxsids) {
u32 *sids;
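Review bot: In the changed condition, the success test flips from `== 0` to `!= 0` and the assignment to sid now sits inside the `&&` chain, so the line silently depends on 0 never being a valid SID. A one-line comment above the condition saying that sidtab_search_context() yields 0 when the context is not already in the table (as the new test implies) would keep a later reader from mistaking it for an inverted error check. Hoisting the assignment out of the condition, or comparing against a named null-SID constant if the code base defines one, would make the same point in code.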
@@ -1702,7 +1702,7 @@
return 0;
}
-int security_get_file_sids(u32 user,
+int security_get_file_sids(u32 usersid,
u16 sclass,
u32 **sids,
u32 *numsids)
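Review bot: The rename of the first parameter from user to usersid in the security_get_file_sids() definition is not mentioned in the change description, and services.c is the only affected file listed, so any prototype declared elsewhere keeps the old name. C does not require the names to match, but updating the declaration and any comment describing the argument in the same change would keep it clear that callers must pass a SID rather than a user identifier.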
@@ -1722,7 +1722,7 @@
POLICY_RDLOCK;
- scontext = sidtab_search(&sidtab, user);
+ scontext = sidtab_search(&sidtab, usersid);
if (scontext == NULL) {
rc = EINVAL;
goto out_unlock;